cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

AZL-75219 CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

CLSA-2024-1734643101 Fix CVE(s): CVE-2024-6923

SECURITY UPDATE: Improper newline quoting in email module header serialization - debian/patches/CVE-2024-6923.patch: Encode newlines in headers and verify headers to be sound - CVE-2024-6923...

SUSE CVE-2024-6923

There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...